add $deliver flag to item_store() and item_store_update() [default true]. If false, do not send any notifications or process tag_deliver. This should avoid any network activity from happening as the result of a channel (actually item) import. Other minor fixes in the handling of the $allow_exec flag and further protecting CSS passed to widgets from rogue code and XSS.

redmatrix
2016-01-16 14:00:22 -08:00
parent f66c6bfebf
commit 110ef6201e
7 changed files with 18 additions and 21 deletions


@@ -86,14 +86,11 @@ function import_items_post(&$a) {
$channel = $a->get_channel();
$saved_notification_flags = notifications_off($channel['channel_id']);
if(array_key_exists('item',$data) && $data['item']) {
import_items($channel,$data['item']);
}
notifications_on($channel['channel_id'],$saved_notification_flags);
if(array_key_exists('item_id',$data) && $data['item_id']) {
import_item_ids($channel,$data['item_id']);
}
@@ -107,9 +104,6 @@ function import_items_post(&$a) {
function import_items_content(&$a) {
if(! local_channel()) {
notice( t('Permission denied') . EOL);
return login();
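Review bot: In the first hunk, the `import_items()` call in `import_items_post()` appears to be the only remaining guard against outbound delivery during an import, assuming the `notifications_off()`/`notifications_on()` pair around it is what this commit removes (the +/- markers are lost on this page). The commit message says `$deliver` defaults to true, so a quiet import now depends on `import_items()` passing false to `item_store()` and `item_store_update()`, and that call is not visible here. A comment above the call would record the dependency: `// import_items() must store with $deliver = false; nothing in this function suppresses notifications any more`. The body of `import_items_post()` starts and ends outside the hunk.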


@@ -446,7 +446,7 @@ function item_post(&$a) {
$execflag = false;
if($mimetype === 'application/x-php') {
if($mimetype !== 'text/bbcode') {
$z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
intval($profile_uid)
);
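Review bot: The test `if($mimetype !== 'text/bbcode')` in `item_post()` is a deny-by-default gate and should carry a comment saying so, assuming the `!==` line is the new side and `=== 'application/x-php'` the old one. The old form gated a single type, so a later edit could easily narrow the check back to a list of "known executable" types. A comment such as `// every mimetype other than bbcode requires the account role / channel flag checked below; keep this a negative test` would document the intent. The rest of the `if` body, where `$z` is evaluated and `$execflag` may be set, lies outside the hunk, so it cannot be confirmed from here that `$execflag` stays false when the query returns no row.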